Is it bug or feature? The problem with redirect plugin and session.

[seyfer]

Hello

Let me first tell a story how I reached to this issue. I have spent more than 6 hours in sum with a face like this one 'O_O' trying to add a very simple feature, which every modern framework have, in my app based on zf3. It's a flash messenger.

I just wanted to display some fancy messages after actions connected with form submission, like auth or change password.

1. I have started with official zend-mvc-flash messenger and was happy. After testing it in a scope of one action I decided to use it to display success message after a redirect. And was wondering why a message wasn't displayed. I started to debug $_SESSION and found that array key connected with FlashMessanger wasn't there. Only __ZF with validators and Zend_Auth were presented.
   Well, something wrong with auth, I decided. It was my guess because I have used Doctrine auth for auth routine and though that I have an error in config or a bug in DoctrineModule that overwrites session.

I was wrong. During my investigation, I became zend auth master and doctrine config master. But the problem wasn't there. I have tried all crazy config variants and different factories. No results.

2. Then I decided that probably there is a bug in FlashMessanger. Maybe it conflicts with Doctrine or something. So I used some not popular modules from GitHub to wrap FlashMessenger or replace it.
   No results. Still nothing in session after form submit.

I decided to write my own plugin. And even did! It based on pure PHP solution wrapped with View Helper and Controller Plugin into Zend. I was happy, seems like it worked. I have even integrated it with some js lib to have temporary messages in the right corner.

3. Next day I found, that my plugin faced the same problem. No value in session after form submit. In plugin logic I haven't used any Zend component, just worked with a $_SESSION. And the value was there until auth or password change form submits and redirect.

I decided to investigate zend-session docs, config variants, a code, and factories. I had a guess that session rewrites container somehow. I was wrong.

In the end, when I'm almost was defeated, I decided to use another redirect way with build in in my plugin simple redirect function. And it's worked!
Waaaait a minute. All the time problem was with a redirect plugin?
Then I saw this commented code.

$this->msg()->success("Password updated");
$this->redirect()->toRoute('profile', ['action' => 'index']);

}

Hmmm... I read controller plugin redirect docs.
https://docs.zendframework.com/zend-mvc/plugins/#redirect-plugin
And I returned redirection back with $this->redirect() and changed it in this way

$this->msg()->success("Password updated");
return $this->redirect()->toRoute('profile', ['action' => 'index']);

}

And it's worked like a charm. After a redirect, all session keys like flash_messenger and FlashMessneger were presented.

---

So, I have spent more than 6 hours with a debug, trying different stuff, writing my own flash messenger plugin, and reading docs only because of

return

This is what I think about this situation encoded in rude64();

^&^%$$%#$#^) ()* (*&*^%$%$@ ##$^&^*&&( ()* (* !!!!

And now we reached the question.
In a documentation written, that usage of return with redirect plugin is optional.

If you return this immediately, you can effectively short-circuit execution of the request.

And from this phrase, we could conclude that there shouldn't be a difference if you return a response immediately or not.

In each case, the Response object is returned.

Somebody, please, explain me, why $this->redirect() with a return and without return works differently?

Why without return after redirect all my custom keys in $_SESSION were deleted and it's looked like the session was created from scratch?

I'm using latest skeleton app with all latest vendor zend libs. All configs and code are correct (I have checked 100 times).

If there is no adequate answer to my questions, then, please, consider this issue as a bug report.
Because on my opinion redirect plugin SHOULD work the same in both cases, if a response was returned immediately or not (we just reached an end of action method).

Some senior PHP developer with 6 years of experience shouldn't be so confused with a framework which he loves...

[MatthiasKuehneEllerhold]

Just asking the obvious: Is there anything you're doing after your call to $this->redirect() that may be executed and may clear the session?

[seyfer]

@MatthiasKuehneEllerhold of course not. And I have written it above.

(we just reached an end of action method).

[weierophinney]

This repository has been closed and moved to laminas/laminas-mvc; a new issue has been opened at laminas/laminas-mvc#19.